
Android.Lastacloud


First posted on 14 December 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Lastacloud.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name:
- com.whatsapp.update
- com.androidbrowser.update
Version:
- 2.11.401
- 19.03.124.5
Name:
- WhatsApp Update
- Browser Update

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access the list of accounts in the Accounts Service
- Act as an AccountAuthenticator for the AccountManager
- Access location information, such as Cell-ID, Wi-Fi, and GPS information
- Open network connections
- Read user's contacts data
- Read SMS messages on the device
- Write to internal and external storage
- Read internal and external storage
- Use the device's mic to record audio
- Monitor, modify, or end outgoing calls
- Change the phone state, such as powering it on and off
- Access information about networks
- Access information about the Wi-Fi state
- Write and read the user's browsing history and bookmarks
- Read the user's calendar data
- Start once the device has finished booting
- Read user's call log

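
A triage sketch for the package names and permission set listed above, added here as an example and not part of the Symantec write-up: it parses `aapt dump permissions`-style output and flags a known package name or a matching permission profile. The mapping from the page's descriptions to manifest constants, the `min_overlap` threshold, and the sample dumps are assumptions constructed for illustration.

```python
import re

# Package names listed on this page for Android.Lastacloud.
KNOWN_PACKAGES = {"com.whatsapp.update", "com.androidbrowser.update"}

# ASSUMPTION: manifest constants corresponding to the page's permission
# descriptions (the page gives descriptions only, not constant names).
A, B = "android.permission.", "com.android.browser.permission."
LISTED = {A + n for n in (
    "GET_ACCOUNTS AUTHENTICATE_ACCOUNTS ACCESS_FINE_LOCATION INTERNET "
    "READ_CONTACTS READ_SMS WRITE_EXTERNAL_STORAGE READ_EXTERNAL_STORAGE "
    "RECORD_AUDIO PROCESS_OUTGOING_CALLS MODIFY_PHONE_STATE "
    "ACCESS_NETWORK_STATE ACCESS_WIFI_STATE READ_CALENDAR "
    "RECEIVE_BOOT_COMPLETED READ_CALL_LOG").split()}
LISTED |= {B + "READ_HISTORY_BOOKMARKS", B + "WRITE_HISTORY_BOOKMARKS"}
# Audio/call/SMS access plus start-at-boot: the surveillance core of the list.
CORE = {A + n for n in ("RECORD_AUDIO", "PROCESS_OUTGOING_CALLS",
                        "READ_SMS", "RECEIVE_BOOT_COMPLETED")}
LINE_RE = re.compile(r"^(package|uses-permission):\s*(?:name=')?([\w.]+)")

def parse_dump(text):
    """Parse `aapt dump permissions`-style text into (package, permissions)."""
    package, perms = None, set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == "package":
            package = m.group(2)
        elif m:
            perms.add(m.group(2))
    return package, perms

def triage(text, min_overlap=12):
    """Return (verdict, package, number of listed permissions requested)."""
    package, perms = parse_dump(text)
    overlap = len(perms & LISTED)
    if package in KNOWN_PACKAGES:
        return "known-package-name", package, overlap
    if CORE <= perms and overlap >= min_overlap:  # threshold is an assumption
        return "permission-profile-match", package, overlap
    return "no-match", package, overlap

# Constructed sample dumps (not taken from real APKs).
def dump(pkg, perms):
    return "package: %s\n" % pkg + "".join(
        "uses-permission: name='%s'\n" % p for p in sorted(perms))

SAMPLES = [dump("com.whatsapp.update", LISTED),  # package name from the page
           dump("org.example.renamed", LISTED - {A + "READ_CALENDAR"}),
           dump("org.example.notes", {A + "INTERNET", A + "RECORD_AUDIO"})]
```

Calling `triage(s)` for each entry in `SAMPLES` yields one verdict per dump; a profile match is a lead for manual review of the APK, not a detection on its own.
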
Installation
Once installed, the application will display either an icon with a green speech bubble with a white silhouette of a phone receiver or a globe.






Functionality
The Trojan claims to be an application or browser update.





Once executed, the Trojan gathers the following information from the compromised device:
- IMSI
- IMEI
- ICCID
- Phone number
- Manufacturer and model

The Trojan may then perform the following actions on the compromised device:
- Record audio, including phone calls
- Download and execute files

The Trojan then sends the stolen information to a remote location.

The Trojan may also connect to the following remote locations:
- [http://]klarkvoplige.livejournal.com
- [http://]boberder.livejournal.com
- [http://]lindamenson.livejournal.com
- [http://]supermenson.livejournal.com
- [http://]coolcoridos.livejournal.com
- [http://]www.tumblr.com/blog/boler[REMOVED]

Last update 14 December 2014

 
